diff options
| author | Jeffrey Altman <jaltman@secure-endpoints.com> | 2004-04-06 17:36:44 +0000 |
|---|---|---|
| committer | Jeffrey Altman <jaltman@secure-endpoints.com> | 2004-04-06 17:36:44 +0000 |
| commit | 0f70ce0814ae83623a1188210fa36071d4ddec79 (patch) | |
| tree | 40f606b72d35e408958ba7986f4a9089f6978499 | |
| parent | 284a093555f87a71bb5b2a0701146830d8ba6dff (diff) | |
| download | krb5-0f70ce0814ae83623a1188210fa36071d4ddec79.zip krb5-0f70ce0814ae83623a1188210fa36071d4ddec79.tar.gz krb5-0f70ce0814ae83623a1188210fa36071d4ddec79.tar.bz2 | |
* cc_mslsa.c:
In at least one case on Win2003 it appears that it is possible
for the logon session to be authenticated via NTLM and yet for
there to be Kerberos credentials obtained by the LSA on behalf
of the logged in user. Therefore, we are removing the test
for IsKerberosLogon() within krb5_lcc_resolve()
which was meant to avoid the need to perform GetMSTGT() when
there was no possibility of credentials being found.
ticket: new
tags: pullup
target_version: next
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16235 dc483132-0cff-0310-8789-dd5450dbe970
| -rw-r--r-- | src/lib/krb5/ccache/ChangeLog | 11 | ||||
| -rw-r--r-- | src/lib/krb5/ccache/cc_mslsa.c | 9 |
2 files changed, 20 insertions, 0 deletions
diff --git a/src/lib/krb5/ccache/ChangeLog b/src/lib/krb5/ccache/ChangeLog index 61e7a66..ad73c2a 100644 --- a/src/lib/krb5/ccache/ChangeLog +++ b/src/lib/krb5/ccache/ChangeLog @@ -1,3 +1,14 @@ +2004-04-06 Jeffrey Altman <jaltman@mit.edu> + + * cc_mslsa.c: + In at least one case on Win2003 it appears that it is possible + for the logon session to be authenticated via NTLM and yet for + there to be Kerberos credentials obtained by the LSA on behalf + of the logged in user. Therefore, we are removing the test + for IsKerberosLogon() within krb5_lcc_resolve() + which was meant to avoid the need to perform GetMSTGT() when + there was no possibility of credentials being found. + 2004-03-31 Jeffrey Altman <jaltman@mit.edu> * cc_mslsa.c: Add IsWindows2000() function and use it to return diff --git a/src/lib/krb5/ccache/cc_mslsa.c b/src/lib/krb5/ccache/cc_mslsa.c index 0caf65a..9d06753 100644 --- a/src/lib/krb5/ccache/cc_mslsa.c +++ b/src/lib/krb5/ccache/cc_mslsa.c @@ -1126,8 +1126,17 @@ krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual) if (!IsWindows2000()) return KRB5_FCC_NOFILE; +#ifdef COMMENT + /* In at least one case on Win2003 it appears that it is possible + * for the logon session to be authenticated via NTLM and yet for + * there to be Kerberos credentials obtained by the LSA on behalf + * of the logged in user. Therefore, we are removing this test + * which was meant to avoid the need to perform GetMSTGT() when + * there was no possibility of credentials being found. + */ if (!IsKerberosLogon()) return KRB5_FCC_NOFILE; +#endif if(!PackageConnectLookup(&LogonHandle, &PackageId)) return KRB5_FCC_NOFILE; |